Log files may provide valuable information about the performance and/or security of various applications running on computing devices. For example, a log file may record each event or action performed by an application, including events that may indicate the presence and/or cause of a malware infection, access control violation, or performance deficiency. As such, enterprises may deploy logging systems within their computing devices that send all or a portion of the log events generated on the computing devices to a central server. The server may then analyze the log events to identify problems such as security breaches or software malfunctions.
Unfortunately, traditional logging systems may forward vast numbers of unnecessary and/or unhelpful log events to security servers. As a result, servers and/or IT administrators may have to sift through massive numbers of normal, non-suspicious log events to identify a small number of abnormal or suspicious ones. Some logging technologies may attempt to mitigate this problem by aggregating log files (e.g., grouping log files from related processes or operating systems). However, such techniques may not sufficiently eliminate or reduce the quantity of unnecessary log files sent for analysis. If too many non-suspicious log files are forwarded to a security server, the security server may be unable to effectively identify security threats. As a result, the computing devices that forwarded the log files may remain vulnerable to malware, data leaks, or other attacks. Therefore, the current disclosure identifies and addresses a need for additional and improved systems and methods for filtering log files.